Update Problem

Sir, I am using these codes

[PHP]// UPDATE

if(isset($_POST['update']))
{
// Get values from form 
$name=$_POST['name'];
$moba=$_POST['moba'];
$mobb=$_POST['mobb'];
$ptcl=$_POST['ptcl'];
$fax =$_POST['fax'];
$email=$_POST['email'];
$web =$_POST['web'];
$add =$_POST['add'];
$city =$_POST['city'];
$country =$_POST['country'];
$job =$_POST['job'];
$office =$_POST['office'];
$place =$_POST['place'];
$phone =$_POST['phone'];
$others =$_POST['others'];


if (empty($moba)){
		echo "<script>alert('No username is selected')</script>";
	}else{

$query = “UPDATE contacts SET name=$name mobb=$mobb ptcl=$ptcl fax=$fax email=$email web=$web address=$add city=$city country=$country job=$job office=$office place=$place phone=$phone others=$others where moba=’”.$_POST[’$moba’]."’";
$result = mysqli_query($con, $query)or die (mysqli_error());

	//check update
		if(!$result)
		{
		echo ("<script>alert('Sorry! Something went wrong.')</script>");
		}else{
		echo ("<script>alert('Record updated successfully')</script>"); 
	    }
	}
	}[/PHP]

but it says:
[COLOR=“Red”]Notice: Undefined index: $moba in C:\wamp\www\Phonebook\contacts.php on line 110[/COLOR]

and line 110 is
[PHP]$query = “UPDATE contacts SET name=$name mobb=$mobb ptcl=$ptcl fax=$fax email=$email web=$web address=$add city=$city country=$country job=$job office=$office place=$place phone=$phone others=$others where moba=’”.$_POST[’$moba’]."’";
[/PHP]

My database is as follows:

What I am doing wrong?
Please help me

  1. Youre trying to use $_POST[’$moba’] in that line, you probably mean to use either $_POST[‘moba’] or $moba

  2. Your code is vulberable to sql injection, please change to using parameterized queries.

Thanks Sir, one problem solved, now i am facing this this problem

Warning: mysqli_error() expects exactly 1 parameter, 0 given in C:\wamp\www\Phonebook\contacts.php on line 111

line 111 is

$result = mysqli_query($con, $query)or die (mysqli_error());

http://www.php.net/manual/en/mysqli.error.php

Procedural style

string mysqli_error ( mysqli $link )

Sir I have modified as

[php]$result = mysqli_query($con,$query)or die (mysqli_error($con));[/php]

now it says:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'mobb= ptcl= fax= email= web= address= city= country= job= office= place= phone= ’ at line 1

what does it means?

That the SQL query is invalid, as you see there are no values present where you insert the variables.

This basically means that this code isn’t working as you expect
[php] // Get values from form
$name=$_POST[‘name’];
$moba=$_POST[‘moba’];
$mobb=$_POST[‘mobb’];
$ptcl=$_POST[‘ptcl’];
$fax =$_POST[‘fax’];
$email=$_POST[‘email’];
$web =$_POST[‘web’];
$add =$_POST[‘add’];
$city =$_POST[‘city’];
$country =$_POST[‘country’];
$job =$_POST[‘job’];
$office =$_POST[‘office’];
$place =$_POST[‘place’];
$phone =$_POST[‘phone’];
$others =$_POST[‘others’];[/php]

First of all you should add a fall-back. If you try to use an array key that does not exist you will get a warning, also you will be left with a null value

so do this

[php]$name = !empty($_POST[‘name’]) ? $_POST[‘name’] : ‘’;[/php]

This will ensure you get either the value of the post field, or an empty string.

Then you have to figure out why the values from the form aren’t received on the server side. Are you sure you are posting the data?

And again, you should be using parameterized queries.

Thanks sir, finally i got solution as

[php]$query = “UPDATE contacts SET name=’$name’, mobb=’$mobb’, ptcl=’$ptcl’, fax=’$fax’, email=’$email’, web=’$web’, address=’$add’, city=’$city’, country=’$country’, job=’$job’, office=’$office’, place=’$place’, phone=’$phone’, others=’$others’ where moba=’”.$_POST[‘moba’]."’";
$result = mysqli_query($con,$query)or die (mysqli_error($con));
[/php]

it works fine.
Does it need more modifications?

Yes, you need to use parameterized queries. Your code is highly vulnerable

Sir I am very sorry to say that i could not still understand the meaning of “parameterized queries”

What does it mean and how to use it.

http://www.phphelp.com/forum/the-occasional-tutorial/using-php-with-databases-(pdo-tutorial)/
http://php.net/manual/en/mysqli.prepare.php

Sponsor our Newsletter | Privacy Policy | Terms of Service